The branch main has been updated by kp:
URL:
https://cgit.FreeBSD.org/src/commit/?id=7fe0c3f8d3303b67e55e3abcd66cbd4a9eaa1a0d
commit 7fe0c3f8d3303b67e55e3abcd66cbd4a9eaa1a0d
Author: Kristof Provost <k...@freebsd.org>
AuthorDate: 2021-10-26 07:51:33 +0000
Commit: Kristof Provost <k...@freebsd.org>
CommitDate: 2021-10-28 08:41:17 +0000
mbuf: PACKET_TAG_PF should not be persistent
We should clear firewall tags on loopback, icmp reflection, or if_epair
transmission. Left over tags can produce unexpected behaviour,
especially on if_epair where a and b interfaces can be in different
vnets, and have different firewall policies set.
MFC after: 3 weeks
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D32664
---
sys/sys/mbuf.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sys/sys/mbuf.h b/sys/sys/mbuf.h
index 9c196f30b319..413854cc9a57 100644
--- a/sys/sys/mbuf.h
+++ b/sys/sys/mbuf.h
@@ -1351,7 +1351,7 @@ extern bool mb_use_ext_pgs; /* Use ext_pgs
for sendfile */
#define PACKET_TAG_DIVERT 17 /* divert info */
#define PACKET_TAG_IPFORWARD 18 /* ipforward info */
#define PACKET_TAG_MACLABEL (19 | MTAG_PERSISTENT) /* MAC label */
-#define PACKET_TAG_PF (21 | MTAG_PERSISTENT) /* PF/ALTQ
information */
+#define PACKET_TAG_PF 21 /* PF/ALTQ
information */
#define PACKET_TAG_RTSOCKFAM 25 /* rtsock sa family
*/
#define PACKET_TAG_IPOPTIONS 27 /* Saved IP options
*/
#define PACKET_TAG_CARP 28 /* CARP info */
